Geekzone: technology news, blogs, forums


1101

3141 posts

Uber Geek
+1 received by user: 1143


#296132 24-May-2022 14:30

Hi
365 Business, enabling 2fa on user logins.

I've come across 2 PCs where, after 2fa is enabled, there is no 2fa prompt in Outlook.
Outlook just keeps working regardless, never prompted for 2fa verification.
Ph email & webmail both required the prompt, for those 2 users.

All the other user a/cs had the Outlook 2fa prompt popup, so far (all separate PCs).
It's just these 2, so far (I'm sure there will be others).

I even forced a logout via the 365 user admin page "Sign this user out of all Office 365 sessions".
That made no difference.
Closed Outlook, restart PC, made sure no linked emails in Win10 Settings, MS Mail wasn't used.
Still no 2fa prompt in Outlook.

I tried "enforce" in 365 multi-factor authentication admin page.

Outlook 2013 & 2016, both had the 2fa reg fix applied.
None of the other Outlook 2013s had this issue.

Is this just 365 being a bit slack with 2fa?
It's not a deal breaker, as webmail & ph both required the 2fa. I'm just wondering why.

 

 


Oblivian
7345 posts

Uber Geek
+1 received by user: 2117

ID Verified

  #2918006 24-May-2022 15:04

Are we talking in a corp environment?

 

Session key length. It'll remember devices for x days specified unless you override. Outlook Web default is 6hrs.

 

But normally the box once you enter token will have a tick under it for 'remember me for...' with your current specified.




1101

3141 posts

Uber Geek
+1 received by user: 1143


  #2918011 24-May-2022 15:13

Oblivian:

 

Are we talking in a corp environment?

 

Session key length. It'll remember devices for x days specified unless you override.

 



It's a business with staff in several locations.

These 2 Outlooks were NEVER prompted for 2fa. Never had to enter a texted code.
Just those 2 Outlooks,
webmail & ph email did get the 2fa prompts.

 

 

 

 

 

 


Dynamic
4015 posts

Uber Geek
+1 received by user: 1850

ID Verified
Trusted
Lifetime subscriber

  #2918012 24-May-2022 15:14

Are the machines AzureAD joined, so the PC itself is already trusted?





“Don't believe anything you read on the net. Except this. Well, including this, I suppose.” Douglas Adams




Dulouz
887 posts

Ultimate Geek
+1 received by user: 384


  #2918021 24-May-2022 15:53

I had something similar. IIRC has something to do with 'modern' authentication.

Enable or disable modern authentication for Outlook in Exchange Online | Microsoft Docs





Amanon

1101

3141 posts

Uber Geek
+1 received by user: 1143


  #2918040 24-May-2022 16:09

Dynamic:

 

Are the machines AzureAD joined, so the PC itself is already trusted?

 

 

These machines aren't Azure AD joined, just checked.

Just had a 3rd with the same thing.
And this user's phone email didn't prompt for 2fa (perhaps they didn't actually close the ph email app). That's the first phone that didn't prompt.

All these 365 user accounts are pre-existing. I'm just setting up 2fa.

I've found this suggestion ....
"In many situations, this issue can also be resolved by clearing ADAL credentials from the Windows Credential Manager, as described below. Please note: If clearing the credential manager cache does not result in a web browser popup when logging into a Modern Authentication capable version of Outlook, deleting and re-creating the mail profile may be necessary."

I'm pretty sure there was no ADAL in credential manager, but did see Outlook saved credentials.
I'm guessing removing the Outlook credential would force login/pass/2fa.
But that's not the point. There should have been a 2fa prompt, especially after a 365 force 'logout of all 365 sessions'.

It's not a big issue here, as 2fa was to protect against NEW login attempts.

 

 


fearandloathing
537 posts

Ultimate Geek
+1 received by user: 206

ID Verified
Lifetime subscriber

  #2918056 24-May-2022 17:13

I suspect Outlook is using legacy Auth, try creating a new outlook profile.

 
 
 

1101

3141 posts

Uber Geek
+1 received by user: 1143


  #2918268 25-May-2022 10:01

fearandloathing: I suspect Outlook is using legacy Auth, try creating a new outlook profile.

 

I think you're right.

So far, it's only older versions of Outlook, that required a registry patch to even work with 365 2fa,
i.e. Outlook 2013, 2016 (some, not all).

Looking at the Legacy Auth report in 365 Azure AD, I can see 1 of those Outlooks still using legacy Auth.
The other 2 Outlooks with the issue aren't showing in Azure legacy Auth report.

So I'm going to assume it's just a bug with Outlook 2013 & 2016, and not worry about it.
If it becomes a real issue then those users will be upgraded to Outlook 365.

Cheers

It may become an issue if/when 365 disables legacy auth.
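
Added example, not part of any post in this thread: a small Python triage of an exported Azure AD sign-in log that lists accounts still signing in successfully over legacy authentication, which is the check the legacy auth report above performs. It assumes a JSON export whose field names follow the Microsoft Graph signIn resource (`userPrincipalName`, `clientAppUsed`, `authenticationRequirement`, `status.errorCode`); the sample records are constructed.

```python
import json
from collections import defaultdict

# Client values the sign-in log reports for modern-auth (OAuth) clients. Any other
# value (MAPI Over HTTP, Exchange ActiveSync, IMAP4, ...) is treated as legacy auth.
MODERN_CLIENTS = {"Browser", "Mobile Apps and Desktop clients"}

# Constructed sample export: users, clients and error codes are illustrative only.
SAMPLE_EXPORT = json.dumps([
    {"userPrincipalName": "alice@example.test", "clientAppUsed": "Browser",
     "authenticationRequirement": "multiFactorAuthentication", "status": {"errorCode": 0}},
    {"userPrincipalName": "alice@example.test", "clientAppUsed": "MAPI Over HTTP",
     "authenticationRequirement": "singleFactorAuthentication", "status": {"errorCode": 0}},
    {"userPrincipalName": "Alice@example.test", "clientAppUsed": "Autodiscover",
     "authenticationRequirement": "singleFactorAuthentication", "status": {"errorCode": 0}},
    {"userPrincipalName": "bob@example.test", "clientAppUsed": "Mobile Apps and Desktop clients",
     "authenticationRequirement": "multiFactorAuthentication", "status": {"errorCode": 0}},
    {"userPrincipalName": "carol@example.test", "clientAppUsed": "Exchange ActiveSync",
     "authenticationRequirement": "singleFactorAuthentication", "status": {"errorCode": 50126}},
    {"userPrincipalName": "carol@example.test", "clientAppUsed": "IMAP4",
     "authenticationRequirement": "singleFactorAuthentication", "status": {"errorCode": 0}},
])

def legacy_auth_report(export_json):
    """Map each user with a successful legacy-auth sign-in to the clients used,
    and note whether the same account was MFA-challenged on a modern client."""
    legacy = defaultdict(set)
    mfa_users = set()
    for rec in json.loads(export_json):
        if (rec.get("status") or {}).get("errorCode") != 0:
            continue  # failed sign-ins never yielded a session
        user = rec["userPrincipalName"].lower()
        client = rec.get("clientAppUsed") or "Unknown"  # missing value: flag for review
        if client in MODERN_CLIENTS:
            if rec.get("authenticationRequirement") == "multiFactorAuthentication":
                mfa_users.add(user)
        else:
            legacy[user].add(client)
    return {u: {"legacy_clients": sorted(c), "mfa_on_modern_clients": u in mfa_users}
            for u, c in sorted(legacy.items())}

if __name__ == "__main__":
    for user, info in legacy_auth_report(SAMPLE_EXPORT).items():
        print(user, info)
```

An account that shows `mfa_on_modern_clients: True` together with a non-empty `legacy_clients` list matches the pattern described in this thread: webmail prompts for 2fa while a desktop client keeps working without one.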

